An ethical hacker who discovered a security vulnerability in Magyar Telekom’s IT systems during April 2018 is currently being investigated by the Hungarian Prosecution Service after the company filed a complaint and faces 8 years in prison, local Hungarian media reports.

The security expert announced Magyar Telekom of the security issues affecting their systems

allow potential attackers to “access all public and retail mobile and data traffic and monitor the servers of the companies served by T-Systems,” says Hungary Today.

HCLU previously helped defend other Hungarian white hats
HCLU further commented the case declaring that white hats shouldn’t be prosecuted given that they are providing a service that, in the end, helps the entire society. On the other hand, the Hungarian Prosecutor’s Office argues that the defendant “crossed a line and due to the danger his actions may have posed to society, he must face the consequences of criminal law.”

Apple restores Google’s internal iOS apps after certificate misuse punishment
https://techcrunch.com/2019/01/31/apple-ban-google-data-app/

Chance Miller / 9to5Mac:
Facebook says Apple has restored its access to enterprise certificates, bringing internal apps back online — Update: In a leaked memo obtained by Business Insider, Facebook continues to defend its Research app, as well as its decision to distribute it via enterprise certificates.

Facebook says Apple has restored its access to enterprise certificates, bringing internal apps back online
https://9to5mac.com/2019/01/31/facebook-enterprise-certificates-online/

Update: In a leaked memo obtained by Business Insider, Facebook continues to defend its Research app, as well as its decision to distribute it via enterprise certificates.

European airplane maker Airbus admitted yesterday a data breach of its “Commercial Aircraft business” information systems that allowed intruders to gain access to some of its employees’ personal information.

Throughout the autumn of 2018 we analyzed a long-standing (and still active at that time) cyber-espionage campaign that was primarily targeting foreign diplomatic entities based in Iran. The attackers were using an improved version of Remexi in what the victimology suggests might be a domestic cyber-espionage operation. This malware has previously been associated with an APT actor that Symantec calls Chafer.

The scams look credible but the only gift on offer is the loss of your personal data.

A scam striking the followers of YouTube influencers which offers lucky fans free gifts from their favorite stars has been in operation far longer than first thought.

Reports surfaced last week of the fraudulent scheme, in which YouTube influencers including Philip DeFranco, Jeffree Star, and Bhad Bhabie are being impersonated by scam artists seeking to cash in on their fame.

While the campaign appeared to be fairly new — although low-bar — researchers from RiskIQ believe that the scam could have been in operation since 2016.

On Wednesday, RiskIQ researcher Yonathan Klijnsma published a blog post examining the scam in detail.

YouTube Impersonation Scams Offering Fake Rewards are Running Wild
https://www.riskiq.com/blog/labs/youtube-impersonation-scams/

Researchers have reported their findings and fixes should be deployed by the end of 2019.

A new vulnerability has been discovered in the upcoming 5G cellular mobile communications protocol. Researchers have described this new flaw as more severe than any of the previous vulnerabilities that affected the 3G and 4G standards.

Further, besides 5G, this new vulnerability also impacts the older 3G and 4G protocols, providing surveillance tech vendors with a new flaw they can abuse to create next-gen IMSI-catchers that work across all modern telephony protocols.

The United States Department of Justice (DoJ) announced Wednesday its effort to “map and further disrupt” a botnet tied to North Korea that has infected numerous Microsoft Windows computers across the globe over the last decade.

Dubbed Joanap, the botnet is believed to be part of “Hidden Cobra”—an Advanced Persistent Threat (APT) actors’ group often known as Lazarus Group and Guardians of Peace and backed by the North Korean government.

India’s largest bank has secured an unprotected server that allowed anyone to access financial information on millions of its customers, like bank balances and recent transactions.

The server, hosted in a regional Mumbai-based data center, stored two months of data from SBI Quick, a text message and call-based system used to request basic information about their bank accounts by customers of the government-owned State Bank of India (SBI), the largest bank in the country and a highly ranked company in the Fortune 500.

Google joins Facebook in Apple’s banning spree

Apple shut down Google’s ability to distribute its internal iOS apps earlier today. A person familiar with the situation told The Verge that early versions of Google Maps, Hangouts, Gmail, and other pre-release beta apps stopped working alongside employee-only apps like a Gbus app for transportation and Google’s internal cafe app. The block came after Google was found to be in violation of Apple’s app distribution policy, and followed a similar shutdown that was issued to Facebook earlier this week.

TechCrunch and Bloomberg’s Mark Bergen reported late Thursday that the apps’ functionality had been restored; Apple appears to have worked more closely with Google to fix this situation

A major vulnerability in FaceTime allows anyone to see and hear contacts before they answer a group call, and Apple decided to suspend the feature completely until a fix is released.

And while the discovery has prompted an instant reaction of the Cupertino-based tech giant, it looks like the company actually knew there was a critical issue in Group FaceTime, only that it didn’t do anything about it.

Twitter user @MGT7500 posted a message on January 21 to warn of a major bug in FaceTime that would have enabled anyone to listen on contacts even when calls weren’t answered.

“My teen found a major security flaw in Apple’s new iOS. He can listen in to your iPhone/iPad without your approval. I have video. Submitted bug report to @AppleSupport…waiting to hear back to provide details. Scary stuff!” the original tweet reads.

“Apple never answered”

But as it turns out, Apple actually ignored the report and the company only acted to block exploits earlier today when the vulnerability made the headlines.